Threat Description

Haifa

Details

Aliases:Haifa
Category:Malware
Type:Virus
Platform: W32

Summary



This virus contains following text string:

HAIFA VIRUS V1.12
  WRITTEN BY Y.S
  GUEST STARS T.S. & I.F.
  MADE IN ISRAEL
  I AM TIRED. PLEASE WAKE ME UP ON TUE 12.4.3456
  PRESS RESET TO CONTINUE...


Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



The virus searches specifically for files with ASM, PAS, TXT and DOC extensions (as well as COM and EXE).

ASM files have the first 76 bytes overwritten with a assembler routine which is designed (when assembled) to overwrite the beginning of the first hard drive with garbage.

PAS files have the first 23 bytes overwritten with the text:

CONST VIRUS= "HAIFA";

TXT and DOC files are corrupted by having text inserted at approximate half-way point:

OOPS!  Hope I didn't ruin anything!!!
  Well, nobody reads those stupied DOCS anyway!

Although this virus has no stealth capability, it contains a self-modifying encryption routine such that each infection appears differently on disks.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More